General

  • Target

    ordine_di_trasporto_6026872024NZ.img

  • Size

    1.4MB

  • Sample

    240613-ndyc6szhkq

  • MD5

    c1e6d93d837c99c3fe2523def95d4a7d

  • SHA1

    80452bb18a166028231684d84aa97444aa0c1656

  • SHA256

    8206a53eb560918173bac4856f505d4c686fc3546d92748e1f07e1b1ce66903e

  • SHA512

    04ce2a0b336ef8ff859de7773787e57f2fbb4d603b380b169b26425c8839407a351b22e4a008ce0400e81c88ecddd3a83a0abb49733c7c6c8510f2beca3b0cea

  • SSDEEP

    12288:bid3DNC0hZMKtC7ivjUrIOZgGG0TdaL32op5vn/NlDXqXlAEZ3809E:bid3xC0hZMKtPrU5ZgwEdllIAEd8h

Score
8/10

Targets

    • Target

      ordine_di_trasporto_6026872024NZ.bat

    • Size

      823KB

    • MD5

      adfdba8f1fcaa3f272b86064eb4b3829

    • SHA1

      1f568fb0374db835a9c2bc7fabc9ae8ed30307c9

    • SHA256

      16c94f4a6d38e594017de33c4ddf82cbe17f1a01134e24af1a19b8c2231cf235

    • SHA512

      78b63d4174f44e4057ee945cc729573301c51b3c3e0160824488cc90acd38e66967bc45dd3fbadf47ed282916cb8c2c0c60e8e9894ffeb70704fa6a195595a2f

    • SSDEEP

      12288:Vid3DNC0hZMKtC7ivjUrIOZgGG0TdaL32op5vn/NlDXqXlAEZ3809E5:Vid3xC0hZMKtPrU5ZgwEdllIAEd8h5

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
